
Tuesday, November 18, 2014

Boosting wifi power

By Matthew Barnard

As there seems to be a lack of articles and reviews on Alfa wifi cards (and wifi in general), I'll write one.

The first and most important step when choosing a wifi card out of the many varieties sold on Amazon and elsewhere is to check its compatibility with your setup. I found this out the hard way when I bought a card that did not support monitor mode. Some of the cards do not have proper driver software. Some simply don't work on Linux. Luckily, they all work on Windows in the event that you are past your return period. The one model that I found to work was the AWUS036NH. It was simply plug-and-play for both Linux and Windows. It supported all forms of wireless hacking. The card is rated at 2000mw, but obviously that is a joke. Here in the US, we are limited to 100mw total output power. Even if the card does have more power, you will need to modify it to make it work properly. Make sure that whatever card you purchase has a removable antenna. Internal antennas are simply the worst.

How to Unlock Alfa wifi adapter (and most other adapters)

Open a terminal and type ifconfig

You should see a list of network cards. The name usually starts with wlan followed by a number. In my case it was wlan0.

Now to check the current power output of the wifi card.

iwconfig wlan0

Replace wlan0 with whatever your wireless card's name is.

The standard power output is usually around 20dbm in the US (100mw).

Now let's assume the Alfa wifi card's output really is somewhere around 500mw. I want to be able to access that power for extra long range communication. I convert watts to dbm and get 27dbm. That is the number required to achieve 500mw of output power.

Here is a quick reference chart for common RF numbers.

15dbm = 31mw
16dbm = 39mw
17dbm = 50mw
18dbm = 63mw
19dbm = 79mw
20dbm = 100mw
21dbm = 120mw
22dbm = 158mw
23dbm = 190mw
24dbm = 250mw
25dbm = 316mw
26dbm = 398mw
27dbm = 501mw
28dbm = 630mw
29dbm = 794mw
30dbm = 1000mw
31dbm = 1250mw (1.25w)
32dbm = 1580mw (1.58w)
33dbm = 2000mw (2w)
34dbm = 2500mw (2.5w)
35dbm = 3160mw (3.16w)

The power of the wifi card is generally limited by its ability to cool itself. Without a proper heat sink, even very powerful cards cannot output much power without emitting magic smoke. You could install a heat sink, but that is outside the scope of this site.
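The arithmetic behind the chart, as an added Python example (not from the original post): it regenerates the chart from the dBm/mW formula and checks the 2000mw and 100mw figures quoted above. The chart range and those two figures are the only inputs taken from the text.

```python
import math

# Added example (not from the original post): the dBm <-> mW conversion
# behind the chart above, plus a check of the figures the post quotes.

def dbm_to_mw(dbm: float) -> float:
    """Convert a power level in dBm to milliwatts: mW = 10^(dBm/10)."""
    return 10 ** (dbm / 10)

def mw_to_dbm(mw: float) -> float:
    """Convert milliwatts to dBm: dBm = 10 * log10(mW)."""
    if mw <= 0:
        raise ValueError("power must be positive")
    return 10 * math.log10(mw)

def conversion_chart(start_dbm: int = 15, end_dbm: int = 35) -> dict:
    """Integer dBm -> mW, rounded to the nearest milliwatt (same rows as the chart)."""
    return {d: round(dbm_to_mw(d)) for d in range(start_dbm, end_dbm + 1)}

def headroom_db(rated_mw: float, limit_mw: float) -> float:
    """How many dB a rated output exceeds a limit (negative if it is under)."""
    return mw_to_dbm(rated_mw) - mw_to_dbm(limit_mw)

if __name__ == "__main__":
    for dbm, mw in conversion_chart().items():
        print(f"{dbm} dBm = {mw} mW")
    # The card's 2000 mW rating is 33 dBm: 13 dB (20x) above the 100 mW (20 dBm) US figure.
    print(f"2000 mW = {mw_to_dbm(2000):.1f} dBm, "
          f"{headroom_db(2000, 100):.1f} dB over 100 mW")
```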

A side note on radios in general.....

The antenna matters as much as or more than the output power of your radio. You want to hear as well as talk, right? Then you need an antenna that picks up signals as well as it transmits your "speech". With a decent antenna, you can achieve much greater range than with the horrible dipole antennas that are so common. A common dipole antenna is also known as a "rubber duck" antenna. It is basically a little black plastic stick poking out the back of your wifi card, router, or a number of other things. You want a better quality antenna than a dipole. A dipole emits power in a full circle, a 360-degree pattern. The only places it does not emit power are straight off its top and bottom. Pointing the tip of the antenna at the other end of the link will drastically weaken the signal quality. For excellent range, you want an antenna that has a 180-degree or narrower radiation pattern. The only reason you would want a 360-degree antenna is if your wifi router is in the middle of your house. You almost never want an omni (360-degree) antenna for your wifi card, as you only need to receive a signal from one place, the router.

An antenna like this is much better. I won't get into antenna mechanics, but generally an antenna with a higher gain is a better antenna. You will need to aim the antenna to "lock on" to the access point. To find an access point, you will need to move the antenna around to get the best signal.

This is exactly the antenna I am currently using to write this article.

I use a 15 dbi yagi antenna often. The downside is size (30" long), but I can communicate at a good mile with this antenna.

This is one of my antennas (buy it here). You also need the correct connector cable (buy it here) to make it compatible with the Alfa wifi card.

You can buy it for $25 with free shipping. Make sure that the connector type is compatible. SMA means there is no little pin sticking out the end. RP SMA means there is a small pin in the plug.

You will need an N female to RP-SMA adapter if you want the Yagi to be compatible with most wifi cards (note, some wifi cards do not have a detachable antenna). Buy the adapter here.

For the ultimate in antennas, pick up a dish antenna. This is very similar to dishes used for satellite TV. The downside is that they are big (5 pounds). The upside is that you can be very far away (2-3 miles) and still have a strong signal. You can buy an excellent dish antenna here (costs about $45). You will need an adapter to fit the Alfa wifi card; buy that here.

A very important note on antennas.

NEVER use a radio without an antenna. You will burn the card in a matter of minutes if not seconds because the antenna does not have a proper "load".

So back to adjusting wifi output power

I want my card to output 500mw of power, or 27dbm. Unless your card has a decent heat sink (Alfa wifi cards generally do not), don't go over 500mw. On a side note, it is illegal to put out this much power, so if the police come knocking at your door (which is extremely unlikely), don't blame me.

To adjust the power, first I must shut the wifi card down.

To do so

ifconfig wlan0 down

(replace wlan0 with whatever your number is)

Now we change our country to Bolivia, which allows up to 1000mw of output

(there are several other countries which allow similar power output)

iw reg set BO

Then turn your card back on

ifconfig wlan0 up

(again, replace wlan0 with whatever your card is)

Now I can change the output power up to 30dbm

iwconfig wlan0 txpower 27

(change wlan0 again, set txpower to whatever you want)

Be careful not to set the txpower too high. If you feel your wifi card getting exceptionally hotter than normal, lower the number. By emitting more power than it can handle, you may shorten the life of your card.

Monday, August 18, 2014

Hacking the Hard Drive

Let's face it, we hackers don't want to be caught with a bunch of tools that would have the police ready to dismantle your computer once they found out about them. Computers get old, they break, and you just don't need the extra risk laying around.

In this tutorial I will be going over how to wipe and format your drive.

Now I should mention that to completely wipe a hard drive, your best bet would be physical destruction.

Methods such as shooting the hard drive: when you shoot the hard drive, make sure to back it with a thick piece of steel or something that will absorb the shell. Put at least one hole in the platter (the part not covered by a sticker) and a hole in the circuit board (the part covered by the sticker). Really one shot would do it, but shooting things is fun :D

Drilling holes through the hard drive (make sure to hit the platter): use a TiN drill bit at high speed. Make sure to put a block of wood behind the hard drive and clamp the hard drive down. Any drill should be able to do the job, but beware, it tends to be hard on the drill bit.

And using thermite on the hard drive (why not use thermite on the whole computer?). Thermite can be bought for about $25 USD per 4 pounds. That is way more than enough to destroy a hard drive. You could probably cause a reaction 4 times bigger than the one below. Use with extreme caution: it will not just burn your skin, but put a hole right through your body and out the other side. You have been warned....

From visual observation, I would say thermite does a pretty good job.

Now I can already hear you asking: "I know, lighting your hard drive on fire sounds fun and all, but I would like to still be able to use the drive for something else." Well, no worries! There is a solution to keep your hard drive from looking like burnt bread.

A quick Windows solution would be to delete everything on the disk, then format the drive (under options). It is not amazing, but it will keep non-motivated people out of your stuff.

Using Gparted.

I really like Gparted for erasing an entire disk thoroughly. It also has many other tools built in, which makes it all the more convenient. If you use any form of Linux, it should have Gparted built in, but keep in mind that you cannot erase the hard drive that the OS is installed on. To install on a Linux machine type "apt-get install gparted". You can probably figure it out from there. If you use Windows, a live boot is your best bet.

You can use your native disc writer on Windows. Make sure you actually burn the .img to the disc, not just copy the file over. Select the "burn image to disc" option.

-Flash drive or SD card (or other flash memory)

Make sure there is nothing you want to keep on the drive. Go to "My Computer" and right click the drive you want to use. Click "Format". Select "Restore device defaults". Format the drive.

Download Win32 Disk Image burner here. Select the .img and the correct drive letter (go to "my computer" to see which drive).

How to boot into Gparted

Insert DVD/CD or Flash drive into computer to be wiped.

Reboot the computer. When it turns on, go into the BIOS. If you don't know what key does that, look carefully, as you have limited time to hit the key. Usually it is Esc, Del, or F12 (or another F key). Use the arrow keys to move around until you find a selection that says "boot order". Usually this is under the boot tab or something similar. Just make sure you don't change any settings other than what I tell you to. You should see HDD or HD or hard drive as the #1 option. Move your cursor over it and hit enter (if required). Use the up and down arrows or the + and - keys to select the CD/DVD drive (sometimes listed as the drive name) for CDs or DVDs.

Booting from SD or FD can be a bit tricky, sometimes it is listed as "flash drive" or "FD" or something along those lines.

Save the configuration (usually the F10 key) and reboot. If you selected the wrong option, no problem. Quickly hold down the power button for 5 seconds to shut off. Restart and repeat the process of selecting the drive again. Eventually, with enough guessing, it should boot into the Gparted Live screen. From then on keep hitting the enter key when an option pops up during boot (unless you don't speak English :P ).

You should eventually see a screen that looks like this.

On the upper right corner click on the drive selection button. Select the drive that you want to wipe. Right click and click "Format to". Select any of the options. Click the green check mark. Once formatted, format again, selecting a different format option. Then proceed to "Delete" the drive. It should now be "unallocated".

This should do it for drives that have semi-sensitive info on them. Use a different method for protection against more powerful organizations. Simply encrypt the entire drive, then wipe it, and finally format it once more. A quick Google search will provide other good options.

Wednesday, July 30, 2014

How To Bypass Windows Password

This is the easiest known method for gaining access to almost any Windows computer.

In this tutorial, we will be going over how to login to Windows without access to the password. This will enable you to log into any Windows computer under any user. The tools we will be using here are simple, using a tool that can be installed on Windows or Linux. Mac support is available, please write in the comment section if you are interested.

What this tool does.

It is a Master Boot Record infection. It basically infects the MBR when Windows boots. It does not cause any harm to the computer or leave any trace of it being used. More information.

It works with all Windows variants up to Windows 8.1

What this tool does not do.

First, it is not possible to change the password associated to the account used to connect. However, changing the password of other local accounts on the system seems to be possible.

The files encrypted with the EFS (Encrypted File System) Windows feature cannot be opened. An “access denied” message is displayed by the system.

In a more general way, it is not possible to use the private keys stored in the Windows certificate store (it is not possible to access secure websites or to decrypt e-mails).

Kon-Boot does not bypass authentication on an Active Directory domain.

What you will need

Instructions for Windows users. Scroll down for Linux users.

Once you have downloaded this file, extract it to your desktop.

Next, navigate to My Computer. Note the drive letter that you want to use for KonBoot. Right click the drive (once you have removed the content from the drive that you want to keep) and select "Format Drive".

Select "restore device defaults" and click "start"

Now to install KonBoot to drive

Go back to the KonBoot folder you just downloaded and extracted.

Open the CD folder if you are going to install on a CD

Open the USB folder if you are going to install on a flash drive or SD card

To Install On Flashdrive/SD card

THIS IS IMPORTANT

Unplug any other drives you have in your computer. Otherwise you risk permanent data loss.

Right click "usb_install2_NEEDADMIN" and select "Run as Administrator". Click "OK" and it will write KonBoot to drive.

That's it! KonBoot is now written to the drive! You may now put whatever files you want back on the drive, being careful to not delete any konboot files already on the drive.

To Install on CD

Open the "kon-boot CD" folder in the Kon Boot file you downloaded. Right click and click "Open with Windows Disk Imager" Select disk that you want to burn and click "burn" KonBoot is now installed on CD.

How To Use KonBoot

Power off the victim machine. Plug the KonBoot drive into a USB port on the machine (or insert the CD). Turn on the machine and hit "F12" or "F10" when you see the BIOS loading (black screen with various nonsensical words). Some computers are different. You want the computer to show this screen.

In this case I will select "CD-ROM" since I am booting from a CD. Select the number or letter that correlates with either "CD-ROM" or "USB HD". You may have to try other USB options, BIOS's vary from one another. Once you have selected the drive, you should see a screen like this.

From this point on there will be no more screen shots due to limitations in Oracle VM.

Finally, hit the "enter" key to start KonBoot. It will begin and soon Windows should load. When you get to the user login, select any user you want and hit the login button. You will automatically be logged in to that computer. For computers where you have to type in a username, type in the username that you wish to use and log in. The privilege escalation will last until you shut the computer off.

To Install on a Linux machine.

To install on USB or SD
Download and install UNetbootin by typing: sudo apt-get install unetbootin
Then type "sudo unetbootin"
A graphical interface will come up (sorry this method won't install over putty).
Extract the file and select the diskimage from the KonBoot folder USB.
Next, wipe the drive you intend on using.
Finally, write the image to the USB.